This article applies to the following HKUST Web servers:

WWW
iHome
Home
Teaching

Basic Password and Group Protection

For greater control, you can restrict access to a set of users, each of whom must enter a valid username and password in order to look at your pages. You create the username and password, and inform your users to grant them access. This pair of username and password are completely separate from those used to access ITSC general services, or any other services.

Setting up access control by user-defined username and password file

The .htaccess file shown below limits access to the webpage to users in the given password file. 

AuthUserFile /home/<"username">/public_html/.htpasswd
AuthName ByPassword
AuthType Basic

require user usera userb userc ...

Assuming your account is cc_test and you would like limit the access to john, peter and ben, your .htaccess file will looks like 

AuthUserFile /home/cc_test/public_html/.htpasswd
AuthName ByPassword
AuthType Basic

require user john peter ben

The .htpasswd contains list of users and UNIX encrypted passwords pair in following format:

usera:QDFpR/cbBgJ8Q
userb:HQxv/8uQHe.Qk
userc:BASZJcujRHRyk
...

We provide a simple web interface here to generate the encrypted passwd with cleartext one. If you are using UNIX timesharing system, the .htpasswd file can be created by htpasswd program. For example:

htpasswd -c .htpasswd usera

The program will then ask for usera's password and add it to the newly created password file. When you want to add another user userb, leave out the "-c" switch:

htpasswd .htpasswd userb

Group file .htgroup is just a text file with lines consists of a group name followed by a list of users. For example: 

friends: usera userb
webmaster: usera userb userc

Add you can add the directive AuthGroupFile in .htaccess as below to limit access to specific group of users. 

AuthUserFile /home/<"username">/public_html/.htpasswd
AuthGroupFile /home/<"username">/public_html/.htgroup
AuthName ByPassword
AuthType Basic

require group friends

Explanation of the Syntax

Configuration directives

AuthType type
Must be Basic
AuthName name
The symbolic name of this access file. It shows up when a user is prompted for a password. Specify whatever you think is appropriate.
AuthUserFile file
Specifies the absolute path of the user's password file.
AuthGroupFile file
Specifies the absolute path of the user's group access file.

Access Directives
require valid-user
Allow all users in the AuthUserFile file access upon providing a valid password.
require user user1 user2 ...
Specify which users (separated by spaces) in the AuthUserFile file are allowed access upon providing a valid password.
require group group1 group2 ...
Specify which groups of users in the AuthGroupFile file are allowed access upon providing a valid password.
Next: Password Protection by WebLDAP